Security / CIS - security

संस्थान के संगणक सुरक्षा के संबंध में सुझाव :

  1. An affective "Cyber-incident response plan" containing set of specific action to prevent, detect and mitigate cyber-attacks may be chalked-out and updated regularly.
  2. Before usage of new computers a thorough check may be carried out to detect any hidden file/folders/features which may subsequently compromise the security of the stored data.
  3. The Students and Employees need to be sensitized from time to time regarding measures/precautions to be observed by them to protect the network.
  4. Admin privileges of computers used for browsing internet should rest with System Administrator only and all other users should be given only user privileges. All users having access to internet connection may be advised not to store any official data in internet connected computers.
  5. Regular backup of data should be taken to avoid data loss from incidents like malware infections, hardware and software failures. The organization should have a proper data backup policy with clear guidelines on periodicity of backup, encryption, securing the backup data, restoration procedures etc.
  6. Personal E-mail accounts should not be used for official correspondences.
  7. No official documents should be synchronized or stored on Cloud Storage services.
  8. Mobile phones should not be charged using data cable from CPUs/Computers.
  9. Landlines telephones should be provided with caller identification facility and no classified information should be passed on without establishing the identity of the caller. Unknown numbers preferably be called back to rule out use of spoofed number by callers to collect information.
  10. OS, Antivirus and other applications should be updated regularly.
  11. The password of the Server should be of minimum 13 digits and of other PCs 8 digits alpha-numeric passwords. All the computers having sensitive data should have three layered password.
  12. Removal of hard disk of computers as well as photocopier Machines should be ensured while sending them for repairs and destruction of the same in presence of a responsible officer at the time of their disposal should be ensured.
  13. The use of pen-drives on official computers/laptops should normally be discouraged Pen-drives once used on the internet should be scanned thoroughly for any computer malware/virus.
  14. Computers used for sensitive work/R&D should be audited periodically by an in-house audit team. Any breach of computer security like hacking, malicious mail, virus attack, theft of hardware, use of personal storage device etc. should be brought to the notice of head of the Institute immediately so that remedial measures can be taken promptly. Third party cyber security audit by CERT-in approved agency may be carried out at least once a year.
  15. External media devices like pen drives, CDs etc. brought from outside for presentation may not be allowed to be used on PCs of the institute. Instead, a standalone PC may be earmarked for such presentations.
  16. The hard disks of Printer, Xerox machines, Fax machines etc. need to be removed before sending the same outside the premises for repair.
  17. Only authorized AMC personnel, duly vetted by local police be allowed to undertake maintenance/expansion work relating to any computer including server rooms. It should be carried out in presence of IT officials of the Institute.